jodiendo: "But, what on earth do we do from here?
What are the solutions without compromising and affecting deeper all the
GNU/LINUX OSI source code, farther WHO DO WE TRUST?"
As an illustration, imagine a shantytown built by "good" people, not designed
by architects and not built by licensed contractors. No blueprints, no
building codes, no inspectors. The shelters "work" but are not ideal.
Not saying that existing code is a shantytown, however didn't most of it
"grow" into being rather than being planned and designed as a "whole"
GNU/Linux system with exacting coding standards and oversight along the way?
An intern is saying he caused the heartbleed exploit.
http://www.forbes.com/sites/kashmirhill/2014/04/10/whats-really-scary-about-heartbleed/
Look at the effect of that goof. Given the project budget and manpower, they
accomplished a lot, sadly including showcasing the fragility of web security.
When you see software or patches uploaded by "cloudchild" or "starlord" or
whatever, should we be comfortable with that?
A corner has been turned. It's going to be harder now, and perhaps less fun,
and less innocent.
Maybe it is time for a formal community of code auditors and reviewers to be
created. Piece by piece, step by step, every line checked, impossible as it
seems.